Our club station is wrapping up the deployment of a corporate grade LAN. Lots of neat stuff* to make operating easier.

We have a legal copy of Microsoft small business server. Here's the issue: from what I understand via KB295765, there is no way to build a domain trust with another windows domain. Is upgrading to Server 2008 our only option?

To the best of my knowledge, yes. I used to go to MicroSoft workshop briefings all the time until about 3 years ago and I somewhat remember them discussing this. Microsoft tends to leave things out of software as a reason for future upgrades. (when they are getting ready to release a new OS they know what next OS replacing it will add)

Logged

--------------------------------------Ham since 1969.... Old School 20 WPM Extra

Let me ask this though - What's your reasoning for needing or wanting a trust with another domain?

I've never heard of a club station or other similar sized private organization that required a trust with an enterprise 2500+ corporate network of computers.

A lot of times, there are other ways to do things - Also, as a nonprofit, your club might qualify for someplace like TechSoup, where nonprofits can get very large(60%+ ) discounts from Microsoft, Dell, and Cisco.I'll ask a friend who is a professional reseller and integrator who has lots of nonprofit customers.

I myself am an Active Directory admin, for an enterprise network. We have some trusts built with other entities.

Let me ask this though - What's your reasoning for needing or wanting a trust with another domain?

Pretty straight forward: Our club is extremely fortunate to have a dedicated building on a 32 acre campus on the Atlantic coast. Our building has it's own internet feed and LAN. When it's done, each of the operating positions will have it's own PC, plus networked printers.

Rather then having the membership logging in a local admins, the intent is to use AD to set up profiles for each user to lock things down.

When the campus backbone is completed, the intent is have a trust between the host site domain and our domain to share resources without merging them completely..

If what you're after is website access to your hosts' webservers, and use of their Internet and other such resources, you probably don't need a trust to accomplish that. Proper configuration of DNS and firewall/server access permissions would take care of a lot of it, without resorting to a full trust or one way trust.

Trusts are primarily used when you absolutely have a reason to use direct AD authentication to access the resources for some type of auditing or regulatory compliance reason, or you have hundreds or thousands of accounts on each "side", all of which need NTFS access or AD-controlled access to applications in the "other" network. It's not necessarily often done for simply allowing access to non-public web servers on one side, or for access to email servers, etc. A lot of that can be done via other means.

For a lot of other types of resource sharing, it's possible and often more commonly done to accomplish those same types of access using locally configured logins on webservers, etc, and users simply need to log in using a different account when and if they try to use that resource from the 'other' network.It typically depends upon just how many users will really be accessing cross-domain resources just how often, before a trust is used.

You might try playing around with a one-way trust, to see if their larger environment can be told to trust your side, but you aren't going to be trying to configure your SBS server to also allow unrestricted access to every one of their users.Microsoft might well alllow that sort of thing for SBS,which sounds like it might need your needs.

But, don't let me talk you out of a trust -

Let me get back to you about non-profit access to TechSoup and other resources-- we might be able to find you some seriously cheap licenses, which may help your rationale for Server 2008.

Copyright 2000-2016 eHam.net, LLC
eHam.net is a community web site for amateur (ham) radio operators around the world.
Contact the site with comments or questions.
WEBMASTER@EHAM.NETSite Privacy Statement